RE: Vendor Remote Access

From: Vachon, Scott (Scott.Vachon@Paymentech.com)
Date: 04/19/02 

From: "Vachon, Scott" <Scott.Vachon@Paymentech.com>
To: security-basics@securityfocus.com
Date: Fri, 19 Apr 2002 12:38:26 -0500

>Our organization works with many third party vendors.
>If a deparment buys a new application from a vendor, it usually comes with
>support. This
>means they should be able to access the server remotely.
>Some require PCAnywhere to be installed on the server and can be accessed
>via dial-up systems(modem banks).
>We have plans to install VPN in the future. If we do get a VPN system.
Don't
>the vendor
>still require some kind of remote control software to administer their
>application ?
>We just want them to administer their application and NOT operating system.
>Please let me know what you think ?

If the Vendor needs access remotely, they should provide the equipment and
access for it. For example, they can order in a frame circuit to a router
they locate at your site. They can then hang a server off of it. You provide
a firewall and allow only the services they need through to your network.
ACLs on your routers are key as well. If they won't do this, then your
company (the customer) needs to make them fly or drive their lazy butts on
site to do the work.
They need dial up ? Same deal. They pay for the lines, the modem bank, the
server, and the PCAnywhere. If they touch your network, you must place a
firewall in between the vendor's server and your network.
My 2 cents...

~S~

Relevant Pages

  • Re: Reduce ARP Traffic
    ... I once had to t-shoot a dial in issue with a vendor. ... Back to STP the reason I was posting, Phillip is right, STP is only used if ... server that is connected to each for redundancy. ... network, so I'm not too worried about that either. ...
    (microsoft.public.windows.server.networking)
  • Re: CYA
    ... network setup and take it from there. ... server and they live and die if these are down. ... They have an outside vendor that has been with the company for about 5 ... I just found out there is a new policy that was enabled to lock the end ...
    (microsoft.public.backoffice.smallbiz)
  • Re: Delayed email from outside vendor or not arriving at all
    ... I understand that one vendor send email to ... your client will get Delivery Status Notification. ... I suggest we track the not receive email in your client SBS 2003. ... How to Enable Message Tracking Center on a Server ...
    (microsoft.public.windows.server.sbs)
  • [UNIX] Multiple Vendor X Server Vulnerabilities (XFree86-Misc, EVI, MIT-SHM, TOG-CUP, XI
    ... Multiple Vendor X Server Vulnerabilities (XFree86-Misc, EVI, MIT-SHM, ... Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index ... Local exploitation of an invalid array index vulnerability in the X.Org X ...
    (Securiteam)
  • Re: DHCP Vendor Classes
    ... i've been testing with Dell laptops too. ... Both Cisco and Dell are sending Vendor IDs, ... So I setup a vendor class for that ID, added an option 67 (boot filename), configured it, and tried to get it to take it - but the server doesnt hand it out. ...
    (microsoft.public.windows.server.general)